wez Thu Sep 26 08:12:28 2002 EDT Modified files: /php4/ext/standard file.c file.h /php4/main streams.c user_streams.c Log: Fix segfault in wrapper error log mechanism when errors are logged on second and subsequent events. Implement very simple recursion protection for user streams written like this: class urlEncodeStream { var $fp = NULL; function stream_open($path, $mode, $options, &$opened_path) { $this->fp = fopen($path, $mode); // <-- this recurses infinitely return is_resource($this->fp); } } file_register_wrapper('urlencode', 'urlEncodeStream'); $fp = fopen('urlencode:///tmp/outputfile.txt', 'w'); Noticed by: Yasuo. Index: php4/ext/standard/file.c diff -u php4/ext/standard/file.c:1.262 php4/ext/standard/file.c:1.263 --- php4/ext/standard/file.c:1.262 Thu Sep 26 06:17:40 2002 +++ php4/ext/standard/file.c Thu Sep 26 08:12:26 2002 @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: file.c,v 1.262 2002/09/26 10:17:40 wez Exp $ */ +/* $Id: file.c,v 1.263 2002/09/26 12:12:26 wez Exp $ */ /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */ @@ -132,6 +132,7 @@ static void file_globals_ctor(php_file_globals *file_globals_p TSRMLS_DC) { FG(pclose_ret) = 0; + FG(user_stream_current_filename) = NULL; FG(def_chunk_size) = PHP_SOCK_CHUNK_SIZE; } Index: php4/ext/standard/file.h diff -u php4/ext/standard/file.h:1.67 php4/ext/standard/file.h:1.68 --- php4/ext/standard/file.h:1.67 Thu Sep 26 06:17:40 2002 +++ php4/ext/standard/file.h Thu Sep 26 08:12:27 2002 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: file.h,v 1.67 2002/09/26 10:17:40 wez Exp $ */ +/* $Id: file.h,v 1.68 2002/09/26 12:12:27 wez Exp $ */ /* Synced with php 3.0 revision 1.30 1999-06-16 [ssb] */ @@ -115,6 +115,7 @@ int auto_detect_line_endings; int default_socket_timeout; char *user_agent; + char *user_stream_current_filename; /* for simple recursion protection */ } php_file_globals; #ifdef ZTS Index: php4/main/streams.c diff -u php4/main/streams.c:1.82 php4/main/streams.c:1.83 --- php4/main/streams.c:1.82 Wed Sep 25 11:25:12 2002 +++ php4/main/streams.c Thu Sep 26 08:12:27 2002 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: streams.c,v 1.82 2002/09/25 15:25:12 wez Exp $ */ +/* $Id: streams.c,v 1.83 2002/09/26 12:12:27 wez Exp $ */ #define _GNU_SOURCE #include "php.h" @@ -1988,7 +1988,7 @@ int free_msg = 0; if (wrapper) { - if (wrapper->err_count) { + if (wrapper->err_count > 0) { int i; size_t l; int brlen; @@ -2038,6 +2038,7 @@ if (wrapper->err_stack) efree(wrapper->err_stack); wrapper->err_stack = NULL; + wrapper->err_count = 0; } #if ZEND_DEBUG if (stream == NULL && copy_of_path != NULL) Index: php4/main/user_streams.c diff -u php4/main/user_streams.c:1.22 php4/main/user_streams.c:1.23 --- php4/main/user_streams.c:1.22 Mon Sep 23 14:18:40 2002 +++ php4/main/user_streams.c Thu Sep 26 08:12:27 2002 @@ -17,10 +17,11 @@ +----------------------------------------------------------------------+ */ -/* $Id: user_streams.c,v 1.22 2002/09/23 18:18:40 wez Exp $ */ +/* $Id: user_streams.c,v 1.23 2002/09/26 12:12:27 wez Exp $ */ #include "php.h" #include "php_globals.h" +#include "ext/standard/file.h" static int le_protocols; @@ -137,6 +138,13 @@ int call_result; php_stream *stream = NULL; + /* Try to catch bad usage without prevent flexibility */ + if (FG(user_stream_current_filename) != NULL && strcmp(filename, +FG(user_stream_current_filename)) == 0) { + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "infinite +recursion prevented"); + return NULL; + } + FG(user_stream_current_filename) = filename; + us = emalloc(sizeof(*us)); us->wrapper = uwrap; @@ -206,6 +214,8 @@ zval_ptr_dtor(&zmode); zval_ptr_dtor(&zfilename); + FG(user_stream_current_filename) = NULL; + return stream; }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php